Microsoft details evolving cybersecurity threats of war in Ukraine

More than two months have passed since Russia launched a massive invasion of Ukraine. As the war enters its third month, Microsoft shared a report detailing key cybersecurity developments in the war so far.

Back in January, Microsoft’s Threat Intelligence Center uncovered wiper malware in a dozen different Ukrainian networks and alerted the Ukrainian governments. Russian cyberattacks, conducted by six different Russian Advanced Persistent Threat actors have run parallel to physical attacks on the ground. A day before the invasion began, Russia’s GRU intelligence agency launched a series of initial cyberattacks on hundreds of Ukrainian government, IT, energy, and financial services organizations.

• See also: What does the Russian invasion of Ukraine mean for cloud security?

According to Microsoft, several different malware families have been used to overwrite data and make machines unbootable including WhisperGate (WhisperKill), FoxBlade (Hermetic Wiper), SonicVote (HermeticRansom), CaddyWiper, DesertBlade, Industroyer2, Lasainraw (IssacWiper), and FiberLake (DoubleZer). About 40 different attacks between the end of February and early April destroyed files in systems across Ukraine, with 40 percent of attacks aimed at critical infrastructure.

Russia laid the groundwork for its invasion much earlier. Back in 2021, Russia began to target supply chain vendors and its NOBELIUM actor launched a large-scale phishing campaign. Throughout March and April, cyber-attacks have occurred most frequently in the greater Kyiv region and in eastern Ukraine, paralleling the armored warfare campaigns in both regions.